用了asp.net 2.0权验证提供程序,上传到空间里,由于空间没有创建dbo存储过程的权限,而提供程序里的存储过程调用时都在前面加了dbo所有者,如dbo.procedurename,非常郁闷。要是重写的话,工作量不小,而且业务逻辑很难实现。后台找到sqlMembership等提供程序的源码才解决的,这里没有源码的相关下载地址,微软上有得下,工程名叫ProviderToolkitSampleProviders。
下面帖出部分提供程序源码:
SqlMembershipProvider
//------------------------------------------------------------------------------
// <copyright file="SqlMembershipProvider.cs" company="Microsoft">
// Copyright (c) Microsoft Corporation. All rights reserved.
// </copyright>
//------------------------------------------------------------------------------
namespace Microsoft.Samples {
using System;
using System.Web.Security;
using System.Web;
using System.Web.Configuration;
using System.Security.Principal;
using System.Security.Permissions;
using System.Globalization;
using System.Runtime.Serialization;
using System.Collections;
using System.Collections.Specialized;
using System.Data;
using System.Data.SqlClient;
using System.Data.SqlTypes;
using System.Security.Cryptography;
using System.Text;
using System.Text.RegularExpressions;
using System.Configuration.Provider;
using System.Configuration;
using System.Web.DataAccess;
using System.Web.Management;
using System.Web.Util;
/// <devdoc>
/// <para>[To be supplied.]</para>
/// </devdoc>
// Remove CAS from sample: [AspNetHostingPermission(SecurityAction.LinkDemand, Level=AspNetHostingPermissionLevel.Minimal)]
// Remove CAS from sample: [AspNetHostingPermission(SecurityAction.InheritanceDemand, Level=AspNetHostingPermissionLevel.Minimal)]
public class SqlMembershipProvider : MembershipProvider
{
// Public properties
public override bool EnablePasswordRetrieval { get { return _EnablePasswordRetrieval; } }
public override bool EnablePasswordReset { get { return _EnablePasswordReset; } }
public override bool RequiresQuestionAndAnswer { get { return _RequiresQuestionAndAnswer; } }
public override bool RequiresUniqueEmail { get { return _RequiresUniqueEmail; } }
public override MembershipPasswordFormat PasswordFormat { get { return _PasswordFormat; }}
public override int MaxInvalidPasswordAttempts { get { return _MaxInvalidPasswordAttempts; } }
public override int PasswordAttemptWindow { get { return _PasswordAttemptWindow; } }
public override int MinRequiredPasswordLength
{
get { return _MinRequiredPasswordLength; }
}
public override int MinRequiredNonAlphanumericCharacters
{
get { return _MinRequiredNonalphanumericCharacters; }
}
public override string PasswordStrengthRegularExpression
{
get { return _PasswordStrengthRegularExpression; }
}
public override string ApplicationName
{
get { return _AppName; }
set
{
if (String.IsNullOrEmpty(value))
throw new ArgumentNullException("value");
if (value.Length > 256)
throw new ProviderException( SR.GetString( SR.Provider_application_name_too_long ) );
_AppName = value;
}
}
private string _sqlConnectionString;
private bool _EnablePasswordRetrieval;
private bool _EnablePasswordReset;
private bool _RequiresQuestionAndAnswer;
private string _AppName;
private bool _RequiresUniqueEmail;
private int _MaxInvalidPasswordAttempts;
private int _CommandTimeout;
private int _PasswordAttemptWindow;
private int _MinRequiredPasswordLength;
private int _MinRequiredNonalphanumericCharacters;
private string _PasswordStrengthRegularExpression;
private int _SchemaVersionCheck;
private MembershipPasswordFormat _PasswordFormat;
private const int PASSWORD_SIZE = 14;
//
//
//
public override void Initialize(string name, NameValueCollection config)
{
// Remove CAS from sample: HttpRuntime.CheckAspNetHostingPermission (AspNetHostingPermissionLevel.Low, SR.Feature_not_supported_at_this_level);
if (config == null)
throw new ArgumentNullException("config");
if (String.IsNullOrEmpty(name))
name = "SqlMembershipProvider";
if (string.IsNullOrEmpty(config["description"])) {
config.Remove("description");
config.Add("description", SR.GetString(SR.MembershipSqlProvider_description));
}
base.Initialize(name, config);
_SchemaVersionCheck = 0;
_EnablePasswordRetrieval = SecUtility.GetBooleanValue(config, "enablePasswordRetrieval", false);
_EnablePasswordReset = SecUtility.GetBooleanValue(config, "enablePasswordReset", true);
_RequiresQuestionAndAnswer = SecUtility.GetBooleanValue(config, "requiresQuestionAndAnswer", true);
_RequiresUniqueEmail = SecUtility.GetBooleanValue(config, "requiresUniqueEmail", true);
_MaxInvalidPasswordAttempts = SecUtility.GetIntValue( config, "maxInvalidPasswordAttempts", 5, false, 0 );
_PasswordAttemptWindow = SecUtility.GetIntValue( config, "passwordAttemptWindow", 10, false, 0 );
_MinRequiredPasswordLength = SecUtility.GetIntValue( config, "minRequiredPasswordLength", 7, false, 128 );
_MinRequiredNonalphanumericCharacters = SecUtility.GetIntValue( config, "minRequiredNonalphanumericCharacters", 1, true, 128 );
_PasswordStrengthRegularExpression = config["passwordStrengthRegularExpression"];
if( _PasswordStrengthRegularExpression != null )
{
_PasswordStrengthRegularExpression = _PasswordStrengthRegularExpression.Trim();
if( _PasswordStrengthRegularExpression.Length != 0 )
{
try
{
Regex regex = new Regex( _PasswordStrengthRegularExpression );
}
catch( ArgumentException e )
{
throw new ProviderException( e.Message, e );
}
}
}
else
{
_PasswordStrengthRegularExpression = string.Empty;
}
if (_MinRequiredNonalphanumericCharacters > _MinRequiredPasswordLength)
throw new HttpException(SR.GetString(SR.MinRequiredNonalphanumericCharacters_can_not_be_more_than_MinRequiredPasswordLength));
_CommandTimeout = SecUtility.GetIntValue( config, "commandTimeout", 30, true, 0 );
_AppName = config["applicationName"];
if (string.IsNullOrEmpty(_AppName))
_AppName = SecUtility.GetDefaultAppName();
if( _AppName.Length > 256 )
{
throw new ProviderException(SR.GetString(SR.Provider_application_name_too_long));
}
string strTemp = config["passwordFormat"];
if (strTemp == null)
strTemp = "Hashed";
switch(strTemp)
{
case "Clear":
_PasswordFormat = MembershipPasswordFormat.Clear;
break;
case "Encrypted":
_PasswordFormat = MembershipPasswordFormat.Encrypted;
break;
case "Hashed":
_PasswordFormat = MembershipPasswordFormat.Hashed;
break;
default:
throw new ProviderException(SR.GetString(SR.Provider_bad_password_format));
}
if (PasswordFormat == MembershipPasswordFormat.Hashed && EnablePasswordRetrieval)
throw new ProviderException(SR.GetString(SR.Provider_can_not_retrieve_hashed_password));
//if (_PasswordFormat == MembershipPasswordFormat.Encrypted && MachineKeySection.IsDecryptionKeyAutogenerated)
// throw new ProviderException(SR.GetString(SR.Can_not_use_encrypted_passwords_with_autogen_keys));
string temp = config["connectionStringName"];
if (temp == null || temp.Length < 1)
throw new ProviderException(SR.GetString(SR.Connection_name_not_specified));
_sqlConnectionString = SqlConnectionHelper.GetConnectionString(temp, true, true);
if (_sqlConnectionString == null || _sqlConnectionString.Length < 1) {
throw new ProviderException(SR.GetString(SR.Connection_string_not_found, temp));
}
config.Remove("connectionStringName");
config.Remove("enablePasswordRetrieval");
config.Remove("enablePasswordReset");
config.Remove("requiresQuestionAndAnswer");
config.Remove("applicationName");
config.Remove("requiresUniqueEmail");
config.Remove("maxInvalidPasswordAttempts");
config.Remove("passwordAttemptWindow");
config.Remove("commandTimeout");
config.Remove("passwordFormat");
config.Remove("name");
config.Remove("minRequiredPasswordLength");
config.Remove("minRequiredNonalphanumericCharacters");
config.Remove("passwordStrengthRegularExpression");
if (config.Count > 0) {
string attribUnrecognized = config.GetKey(0);
if (!String.IsNullOrEmpty(attribUnrecognized))
throw new ProviderException(SR.GetString(SR.Provider_unrecognized_attribute, attribUnrecognized));
}
}
private void CheckSchemaVersion( SqlConnection connection )
{
string[] features = { "Common", "Membership" };
string version = "1";
SecUtility.CheckSchemaVersion( this,
connection,
features,
version,
ref _SchemaVersionCheck );
}
private int CommandTimeout
{
get{ return _CommandTimeout; }
}
public override MembershipUser CreateUser( string username,
string password,
string email,
string passwordQuestion,
string passwordAnswer,
bool isApproved,
object providerUserKey,
out MembershipCreateStatus status )
{
if( !SecUtility.ValidateParameter(ref password, true, true, false, 128))
{
status = MembershipCreateStatus.InvalidPassword;
return null;
}
string salt = GenerateSalt();
string pass = EncodePassword(password, (int)_PasswordFormat, salt);
if ( pass.Length > 128 )
{
status = MembershipCreateStatus.InvalidPassword;
return null;
}
string encodedPasswordAnswer;
if( passwordAnswer != null )
{
passwordAnswer = passwordAnswer.Trim();
}
if (!string.IsNullOrEmpty(passwordAnswer)) {
if( passwordAnswer.Length > 128 )
{
status = MembershipCreateStatus.InvalidAnswer;
return null;
}
encodedPasswordAnswer = EncodePassword(passwordAnswer.ToLower(CultureInfo.InvariantCulture), (int)_PasswordFormat, salt);
}
else
encodedPasswordAnswer = passwordAnswer;
if (!SecUtility.ValidateParameter(ref encodedPasswordAnswer, RequiresQuestionAndAnswer, true, false, 128))
{
status = MembershipCreateStatus.InvalidAnswer;
return null;
}
if( !SecUtility.ValidateParameter( ref username,true, true, true, 256))
{
status = MembershipCreateStatus.InvalidUserName;
return null;
}
if( !SecUtility.ValidateParameter( ref email,
RequiresUniqueEmail,
RequiresUniqueEmail,
false,
256 ) )
{
status = MembershipCreateStatus.InvalidEmail;
return null;
}
if( !SecUtility.ValidateParameter( ref passwordQuestion, RequiresQuestionAndAnswer, true, false, 256))
{
status = MembershipCreateStatus.InvalidQuestion;
return null;
}
if( providerUserKey != null )
{
if( !( providerUserKey is Guid ) )
{
status = MembershipCreateStatus.InvalidProviderUserKey;
return null;
}
}
if( password.Length < MinRequiredPasswordLength )
{
status = MembershipCreateStatus.InvalidPassword;
return null;
}
int count = 0;
for( int i = 0; i < password.Length; i++ )
{
if( !char.IsLetterOrDigit( password, i ) )
{
count++;
}
}
if( count < MinRequiredNonAlphanumericCharacters )
{
status = MembershipCreateStatus.InvalidPassword;
return null;
}
if( PasswordStrengthRegularExpression.Length > 0 )
{
if( !Regex.IsMatch( password, PasswordStrengthRegularExpression ) )
{
status = MembershipCreateStatus.InvalidPassword;
return null;
}
}
ValidatePasswordEventArgs e = new ValidatePasswordEventArgs( username, password, true );
OnValidatingPassword( e );
if( e.Cancel )
{
status = MembershipCreateStatus.InvalidPassword;
return null;
}
try
{
SqlConnectionHolder holder = null;
try {
holder = SqlConnectionHelper.GetConnection( _sqlConnectionString, true );
CheckSchemaVersion( holder.Connection );
DateTime dt = RoundToSeconds(DateTime.UtcNow);
SqlCommand cmd = new SqlCommand("aspnet_Membership_CreateUser", holder.Connection);
cmd.CommandTimeout = CommandTimeout;
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName));
cmd.Parameters.Add(CreateInputParam("@UserName", SqlDbType.NVarChar, username));
cmd.Parameters.Add(CreateInputParam("@Password", SqlDbType.NVarChar, pass));
cmd.Parameters.Add(CreateInputParam("@PasswordSalt", SqlDbType.NVarChar, salt));
cmd.Parameters.Add(CreateInputParam("@Email", SqlDbType.NVarChar, email));
cmd.Parameters.Add(CreateInputParam("@PasswordQuestion", SqlDbType.NVarChar, passwordQuestion));
cmd.Parameters.Add(CreateInputParam("@PasswordAnswer", SqlDbType.NVarChar, encodedPasswordAnswer));
cmd.Parameters.Add(CreateInputParam("@IsApproved", SqlDbType.Bit, isApproved));
cmd.Parameters.Add(CreateInputParam("@UniqueEmail", SqlDbType.Int, RequiresUniqueEmail ? 1 : 0));
cmd.Parameters.Add(CreateInputParam("@PasswordFormat", SqlDbType.Int, (int)PasswordFormat));
cmd.Parameters.Add(CreateInputParam("@CurrentTimeUtc", SqlDbType.DateTime, dt));
SqlParameter p = CreateInputParam("@UserId", SqlDbType.UniqueIdentifier, providerUserKey);
p.Direction= ParameterDirection.InputOutput;
cmd.Parameters.Add( p );
p = new SqlParameter("@ReturnValue", SqlDbType.Int);
p.Direction = ParameterDirection.ReturnValue;
cmd.Parameters.Add(p);
cmd.ExecuteNonQuery();
int iStatus = ((p.Value!=null) ? ((int) p.Value) : -1);
if (iStatus < 0 || iStatus > (int) MembershipCreateStatus.ProviderError)
iStatus = (int) MembershipCreateStatus.ProviderError;
status = (MembershipCreateStatus) iStatus;
if (iStatus != 0) // !success
return null;
providerUserKey = new Guid( cmd.Parameters[ "@UserId" ].Value.ToString() );
dt = dt.ToLocalTime();
return new MembershipUser( this.Name,
username,
providerUserKey,
email,
passwordQuestion,
null,
isApproved,
false,
dt,
dt,
dt,
dt,
new DateTime( 1754, 1, 1 ) );
}
finally
{
if( holder != null )
{
holder.Close();
holder = null;
}
}
} catch {
throw;
}
}
//
//
//
public override bool ChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer)
{
SecUtility.CheckParameter( ref username, true, true, true, 256, "username" );
SecUtility.CheckParameter( ref password, true, true, false, 128, "password" );
string salt;
int passwordFormat;
if (!CheckPassword(username, password, false, false, out salt, out passwordFormat))
return false;
SecUtility.CheckParameter(ref newPasswordQuestion, RequiresQuestionAndAnswer, RequiresQuestionAndAnswer, false, 256, "newPasswordQuestion");
string encodedPasswordAnswer;
if( newPasswordAnswer != null )
{
newPasswordAnswer = newPasswordAnswer.Trim();
}
SecUtility.CheckParameter(ref newPasswordAnswer, RequiresQuestionAndAnswer, RequiresQuestionAndAnswer, false, 128, "newPasswordAnswer");
if (!string.IsNullOrEmpty(newPasswordAnswer)) {
encodedPasswordAnswer = EncodePassword(newPasswordAnswer.ToLower(CultureInfo.InvariantCulture), (int)passwordFormat, salt);
}
else
encodedPasswordAnswer = newPasswordAnswer;
SecUtility.CheckParameter(ref encodedPasswordAnswer, RequiresQuestionAndAnswer, RequiresQuestionAndAnswer, false, 128, "newPasswordAnswer");
try {
SqlConnectionHolder holder = null;
try {
holder = SqlConnectionHelper.GetConnection( _sqlConnectionString, true );
CheckSchemaVersion( holder.Connection );
SqlCommand cmd = new SqlCommand("aspnet_Membership_ChangePasswordQuestionAndAnswer", holder.Connection);
cmd.CommandTimeout = CommandTimeout;
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName));
cmd.Parameters.Add(CreateInputParam("@UserName", SqlDbType.NVarChar, username));
cmd.Parameters.Add(CreateInputParam("@NewPasswordQuestion", SqlDbType.NVarChar, newPasswordQuestion));
cmd.Parameters.Add(CreateInputParam("@NewPasswordAnswer", SqlDbType.NVarChar, encodedPasswordAnswer));
SqlParameter p = new SqlParameter("@ReturnValue", SqlDbType.Int);
p.Direction = ParameterDirection.ReturnValue;
cmd.Parameters.Add(p);
cmd.ExecuteNonQuery();
int status = ( ( p.Value != null ) ? ( ( int )p.Value ) : -1 );
if( status != 0 )
{
throw new ProviderException( GetExceptionText( status ) );
}
return ( status == 0 );
}
finally
{
if( holder != null )
{
holder.Close();
holder = null;
}
}
} catch {
throw;
}
}
//
//
//
public override string GetPassword(string username, string passwordAnswer)
{
if ( !EnablePasswordRetrieval )
{
throw new NotSupportedException( SR.GetString( SR.Membership_PasswordRetrieval_not_supported ) );
}
SecUtility.CheckParameter( ref username, true, true, true, 256, "username" );
string encodedPasswordAnswer = GetEncodedPasswordAnswer(username, passwordAnswer);
SecUtility.CheckParameter(ref encodedPasswordAnswer, RequiresQuestionAndAnswer, RequiresQuestionAndAnswer, false, 128, "passwordAnswer");
string errText;
int passwordFormat = 0;
int status = 0;
string pass = GetPasswordFromDB(username, encodedPasswordAnswer, RequiresQuestionAndAnswer, out passwordFormat, out status);
if ( pass == null )
{
errText = GetExceptionText( status );
if ( IsStatusDueToBadPassword( status ) )
{
throw new MembershipPasswordException( errText );
}
else
{
throw new ProviderException( errText );
}
}
return UnEncodePassword( pass, passwordFormat );
}
//
//
//
public override bool ChangePassword(string username, string oldPassword, string newPassword)
{
SecUtility.CheckParameter( ref username, true, true, true, 256, "username" );
SecUtility.CheckParameter( ref oldPassword, true, true, false, 128, "oldPassword" );
SecUtility.CheckParameter( ref newPassword, true, true, false, 128, "newPassword" );
string salt = null;
int passwordFormat;
int status;
if (!CheckPassword( username, oldPassword, false, false, out salt, out passwordFormat))
{
return false;
}
if( newPassword.Length < MinRequiredPasswordLength )
{
throw new ArgumentException(SR.GetString(
SR.Password_too_short,
"newPassword",
MinRequiredPasswordLength.ToString(CultureInfo.InvariantCulture)));
}
int count = 0;
for( int i = 0; i < newPassword.Length; i++ )
{
if( !char.IsLetterOrDigit( newPassword, i ) )
{
count++;
}
}
if( count < MinRequiredNonAlphanumericCharacters )
{
throw new ArgumentException(SR.GetString(
SR.Password_need_more_non_alpha_numeric_chars,
"newPassword",
MinRequiredNonAlphanumericCharacters.ToString(CultureInfo.InvariantCulture)));
}
if( PasswordStrengthRegularExpression.Length > 0 )
{
if( !Regex.IsMatch( newPassword, PasswordStrengthRegularExpression ) )
{
throw new ArgumentException(SR.GetString(SR.Password_does_not_match_regular_expression,
"newPassword"));
}
}
string pass = EncodePassword(newPassword, (int)passwordFormat, salt);
if ( pass.Length > 128 )
{
throw new ArgumentException(SR.GetString(SR.Membership_password_too_long), "newPassword");
}
ValidatePasswordEventArgs e = new ValidatePasswordEventArgs( username, newPassword, false );
OnValidatingPassword( e );
if( e.Cancel )
{
if( e.FailureInformation != null )
{
throw e.FailureInformation;
}
else
{
throw new ArgumentException( SR.GetString( SR.Membership_Custom_Password_Validation_Failure ), "newPassword");
}
}
try {
SqlConnectionHolder holder = null;
try {
holder = SqlConnectionHelper.GetConnection( _sqlConnectionString, true );
CheckSchemaVersion( holder.Connection );
SqlCommand cmd = new SqlCommand( "aspnet_Membership_SetPassword", holder.Connection );
cmd.CommandTimeout = CommandTimeout;
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName));
cmd.Parameters.Add(CreateInputParam("@UserName", SqlDbType.NVarChar, username));
cmd.Parameters.Add(CreateInputParam("@NewPassword", SqlDbType.NVarChar, pass));
cmd.Parameters.Add(CreateInputParam("@PasswordSalt", SqlDbType.NVarChar, salt));
cmd.Parameters.Add(CreateInputParam("@PasswordFormat", SqlDbType.Int, passwordFormat));
cmd.Parameters.Add(CreateInputParam("@CurrentTimeUtc", SqlDbType.DateTime, DateTime.UtcNow));
SqlParameter p = new SqlParameter("@ReturnValue", SqlDbType.Int);
p.Direction = ParameterDirection.ReturnValue;
cmd.Parameters.Add(p);
cmd.ExecuteNonQuery();
status = ( ( p.Value != null ) ? ( ( int )p.Value ) : -1 );
if ( status != 0 )
{
string errText = GetExceptionText( status );
if ( IsStatusDueToBadPassword( status ) )
{
throw new MembershipPasswordException( errText );
}
else
{
throw new ProviderException( errText );
}
}
return true;
}
finally
{
if( holder != null )
{
holder.Close();
holder = null;
}
}
} catch {
throw;
}
}
//
//
//
public override string ResetPassword( string username, string passwordAnswer )
{
if ( !EnablePasswordReset )
{
throw new NotSupportedException( SR.GetString( SR.Not_configured_to_support_password_resets ) );
}
SecUtility.CheckParameter( ref username, true, true, true, 256, "username" );
string salt;
int passwordFormat;
string passwdFromDB;
int status;
int failedPasswordAttemptCount;
int failedPasswordAnswerAttemptCount;
bool isApproved;
DateTime lastLoginDate, lastActivityDate;
GetPasswordWithFormat(username, false, out status, out passwdFromDB, out passwordFormat, out salt, out failedPasswordAttemptCount,
out failedPasswordAnswerAttemptCount, out isApproved, out lastLoginDate, out lastActivityDate);
if (status != 0)
{
if (IsStatusDueToBadPassword(status))
{
throw new MembershipPasswordException(GetExceptionText(status));
}
else
{
throw new ProviderException(GetExceptionText(status));
}
}
string encodedPasswordAnswer;
if( passwordAnswer != null )
{
passwordAnswer = passwordAnswer.Trim();
}
if (!string.IsNullOrEmpty(passwordAnswer))
encodedPasswordAnswer = EncodePassword(passwordAnswer.ToLower(CultureInfo.InvariantCulture), passwordFormat, salt);
else
encodedPasswordAnswer = passwordAnswer;
SecUtility.CheckParameter(ref encodedPasswordAnswer, RequiresQuestionAndAnswer, RequiresQuestionAndAnswer, false, 128, "passwordAnswer");
string newPassword = GeneratePassword();
ValidatePasswordEventArgs e = new ValidatePasswordEventArgs( username, newPassword, false );
OnValidatingPassword( e );
if( e.Cancel )
{
if( e.FailureInformation != null )
{
throw e.FailureInformation;
}
else
{
throw new ProviderException( SR.GetString( SR.Membership_Custom_Password_Validation_Failure ) );
}
}
try
{
SqlConnectionHolder holder = null;
try {
holder = SqlConnectionHelper.GetConnection( _sqlConnectionString, true );
CheckSchemaVersion( holder.Connection );
SqlCommand cmd = new SqlCommand("aspnet_Membership_ResetPassword", holder.Connection);
string errText;
cmd.CommandTimeout = CommandTimeout;
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName));
cmd.Parameters.Add(CreateInputParam("@UserName", SqlDbType.NVarChar, username));
cmd.Parameters.Add(CreateInputParam("@NewPassword", SqlDbType.NVarChar, EncodePassword(newPassword, (int) passwordFormat, salt)));
cmd.Parameters.Add(CreateInputParam("@MaxInvalidPasswordAttempts", SqlDbType.Int, MaxInvalidPasswordAttempts ) );
cmd.Parameters.Add(CreateInputParam("@PasswordAttemptWindow", SqlDbType.Int, PasswordAttemptWindow ) );
cmd.Parameters.Add(CreateInputParam("@PasswordSalt", SqlDbType.NVarChar, salt));
cmd.Parameters.Add(CreateInputParam("@PasswordFormat", SqlDbType.Int, (int)passwordFormat));
cmd.Parameters.Add(CreateInputParam("@CurrentTimeUtc", SqlDbType.DateTime, DateTime.UtcNow));
if (RequiresQuestionAndAnswer) {
cmd.Parameters.Add(CreateInputParam("@PasswordAnswer", SqlDbType.NVarChar, encodedPasswordAnswer));
}
SqlParameter p = new SqlParameter("@ReturnValue", SqlDbType.Int);
p.Direction = ParameterDirection.ReturnValue;
cmd.Parameters.Add(p);
cmd.ExecuteNonQuery();
status = ( ( p.Value != null ) ? ( ( int )p.Value ) : -1 );
if ( status != 0 )
{
errText = GetExceptionText( status );
if ( IsStatusDueToBadPassword( status ) )
{
throw new MembershipPasswordException( errText );
}
else
{
throw new ProviderException( errText );
}
}
return newPassword;
}
finally
{
if( holder != null )
{
holder.Close();
holder = null;
}
}
} catch {
throw;
}
}
//
//
//
public override void UpdateUser(MembershipUser user)
{
if( user == null )
{
throw new ArgumentNullException( "user" );
}
string temp = user.UserName;
SecUtility.CheckParameter( ref temp, true, true, true, 256, "UserName" );
temp = user.Email;
SecUtility.CheckParameter( ref temp,
RequiresUniqueEmail,
RequiresUniqueEmail,
false,
256,
"Email");
user.Email = temp;
try {
SqlConnectionHolder holder = null;
try {
holder = SqlConnectionHelper.GetConnection( _sqlConnectionString, true );
CheckSchemaVersion( holder.Connection );
SqlCommand cmd = new SqlCommand("aspnet_Membership_UpdateUser", holder.Connection);
cmd.CommandTimeout = CommandTimeout;
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName));
cmd.Parameters.Add(CreateInputParam("@UserName", SqlDbType.NVarChar, user.UserName));
cmd.Parameters.Add(CreateInputParam("@Email", SqlDbType.NVarChar, user.Email));
cmd.Parameters.Add(CreateInputParam("@Comment", SqlDbType.NText, user.Comment));
cmd.Parameters.Add(CreateInputParam("@IsApproved", SqlDbType.Bit, user.IsApproved ? 1 : 0));
cmd.Parameters.Add(CreateInputParam("@LastLoginDate", SqlDbType.DateTime, user.LastLoginDate.ToUniversalTime()));
cmd.Parameters.Add(CreateInputParam("@LastActivityDate", SqlDbType.DateTime, user.LastActivityDate.ToUniversalTime()));
cmd.Parameters.Add(CreateInputParam("@UniqueEmail", SqlDbType.Int, RequiresUniqueEmail ? 1 : 0));
cmd.Parameters.Add(CreateInputParam("@CurrentTimeUtc", SqlDbType.DateTime, DateTime.UtcNow));
SqlParameter p = new SqlParameter("@ReturnValue", SqlDbType.Int);
p.Direction = ParameterDirection.ReturnValue;
cmd.Parameters.Add(p);
cmd.ExecuteNonQuery();
int status = ((p.Value!=null) ? ((int) p.Value) : -1);
if (status != 0)
throw new ProviderException(GetExceptionText(status));
return;
}
finally
{
if( holder != null )
{
holder.Close();
holder = null;
}
}
} catch {
throw;
}
}
//
//
//
public override bool ValidateUser(string username, string password)
{
if ( SecUtility.ValidateParameter(ref username, true, true, true, 256) &&
SecUtility.ValidateParameter(ref password, true, true, false, 128) &&
CheckPassword(username, password, true, true))
{
// Comment out perf counters in sample: PerfCounters.IncrementCounter(AppPerfCounter.MEMBER_SUCCESS);
// Comment out events in sample: WebBaseEvent.RaiseSystemEvent(null, WebEventCodes.AuditMembershipAuthenticationSuccess, username);
return true;
} else {
// Comment out perf counters in sample: PerfCounters.IncrementCounter(AppPerfCounter.MEMBER_FAIL);
// Comment out events in sample: WebBaseEvent.RaiseSystemEvent(null, WebEventCodes.AuditMembershipAuthenticationFailure, username);
return false;
}
}
public override bool UnlockUser( string username )
{
SecUtility.CheckParameter(ref username, true, true, true, 256, "username" );
try {
SqlConnectionHolder holder = null;
try {
holder = SqlConnectionHelper.GetConnection( _sqlConnectionString, true );
CheckSchemaVersion(holder.Connection);
SqlCommand cmd = new SqlCommand("aspnet_Membership_UnlockUser", holder.Connection);
cmd.CommandTimeout = CommandTimeout;
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName));
cmd.Parameters.Add(CreateInputParam("@UserName", SqlDbType.NVarChar, username));
SqlParameter p = new SqlParameter("@ReturnValue", SqlDbType.Int);
p.Direction = ParameterDirection.ReturnValue;
cmd.Parameters.Add(p);
cmd.ExecuteNonQuery();
int status = ((p.Value != null) ? ((int)p.Value) : -1);
if (status == 0) {
return true;
}
return false;
}
finally {
if( holder != null )
{
holder.Close();
holder = null;
}
}
} catch {
throw;
}
}
public override MembershipUser GetUser( object providerUserKey, bool userIsOnline )
{
if( providerUserKey == null )
{
throw new ArgumentNullException( "providerUserKey" );
}
if ( !( providerUserKey is Guid ) )
{
throw new ArgumentException( SR.GetString( SR.Membership_InvalidProviderUserKey ), "providerUserKey" );
}
SqlDataReader reader = null;
try {
SqlConnectionHolder holder = null;
try {
holder = SqlConnectionHelper.GetConnection( _sqlConnectionString, true );
CheckSchemaVersion( holder.Connection );
SqlCommand cmd = new SqlCommand( "aspnet_Membership_GetUserByUserId", holder.Connection );
cmd.CommandTimeout = CommandTimeout;
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add(CreateInputParam("@UserId", SqlDbType.UniqueIdentifier, providerUserKey ) );
cmd.Parameters.Add(CreateInputParam("@UpdateLastActivity", SqlDbType.Bit, userIsOnline));
cmd.Parameters.Add(CreateInputParam("@CurrentTimeUtc", SqlDbType.DateTime, DateTime.UtcNow));
SqlParameter p = new SqlParameter("@ReturnValue", SqlDbType.Int);
p.Direction = ParameterDirection.ReturnValue;
cmd.Parameters.Add(p);
reader = cmd.ExecuteReader();
if ( reader.Read() )
{
string email = GetNullableString(reader, 0);
string passwordQuestion = GetNullableString( reader, 1 );
string comment = GetNullableString(reader, 2);
bool isApproved = reader.GetBoolean(3);
DateTime dtCreate = reader.GetDateTime(4).ToLocalTime();
DateTime dtLastLogin = reader.GetDateTime(5).ToLocalTime();
DateTime dtLastActivity = reader.GetDateTime(6).ToLocalTime();
DateTime dtLastPassChange = reader.GetDateTime(7).ToLocalTime();
string userName = GetNullableString(reader, 8);
bool isLockedOut = reader.GetBoolean(9);
DateTime dtLastLockoutDate = reader.GetDateTime(10).ToLocalTime();
// Step 4 : Return the result
return new MembershipUser( this.Name,
userName,
providerUserKey,
email,
passwordQuestion,
comment,
isApproved,
isLockedOut,
dtCreate,
dtLastLogin,
dtLastActivity,
dtLastPassChange,
dtLastLockoutDate );
}
return null;
}
finally
{
if ( reader != null )
{
reader.Close();
reader = null;
}
if( holder != null )
{
holder.Close();
holder = null;
}
}
}
catch
{
throw;
}
}
//
//
//
public override MembershipUser GetUser(string username, bool userIsOnline)
{
SecUtility.CheckParameter(
ref username,
true,
false,
true,
256,
"username" );
SqlDataReader reader = null;
try {
SqlConnectionHolder holder = null;
try {
holder = SqlConnectionHelper.GetConnection( _sqlConnectionString, true );
CheckSchemaVersion( holder.Connection );
SqlCommand cmd = new SqlCommand("aspnet_Membership_GetUserByName", holder.Connection);
cmd.CommandTimeout = CommandTimeout;
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName));
cmd.Parameters.Add(CreateInputParam("@UserName", SqlDbType.NVarChar, username));
cmd.Parameters.Add(CreateInputParam("@UpdateLastActivity", SqlDbType.Bit, userIsOnline));
cmd.Parameters.Add(CreateInputParam("@CurrentTimeUtc", SqlDbType.DateTime, DateTime.UtcNow));
SqlParameter p = new SqlParameter("@ReturnValue", SqlDbType.Int);
p.Direction = ParameterDirection.ReturnValue;
cmd.Parameters.Add(p);
reader = cmd.ExecuteReader();
if ( reader.Read() )
{
string email = GetNullableString(reader, 0);
string passwordQuestion = GetNullableString( reader, 1 );
string comment = GetNullableString(reader, 2);
bool isApproved = reader.GetBoolean(3);
DateTime dtCreate = reader.GetDateTime(4).ToLocalTime();
DateTime dtLastLogin = reader.GetDateTime(5).ToLocalTime();
DateTime dtLastActivity = reader.GetDateTime(6).ToLocalTime();
DateTime dtLastPassChange = reader.GetDateTime(7).ToLocalTime();
Guid userId = reader.GetGuid( 8 );
bool isLockedOut = reader.GetBoolean( 9 );
DateTime dtLastLockoutDate = reader.GetDateTime(10).ToLocalTime();
// Step 4 : Return the result
return new MembershipUser( this.Name,
username,
userId,
email,
passwordQuestion,
comment,
isApproved,
isLockedOut,
dtCreate,
dtLastLogin,
dtLastActivity,
dtLastPassChange,
dtLastLockoutDate );
}
return null;
}
finally
{
if ( reader != null )
{
reader.Close();
reader = null;
}
if( holder != null )
{
holder.Close();
holder = null;
}
}
}
catch
{
throw;
}
}
//
//
//
public override string GetUserNameByEmail(string email)
{
SecUtility.CheckParameter(
ref email,
false,
false,
false,
256,
"email" );
try {
SqlConnectionHolder holder = null;
try {
holder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true);
CheckSchemaVersion( holder.Connection );
SqlCommand cmd = new SqlCommand("aspnet_Membership_GetUserByEmail", holder.Connection);
string username = null;
SqlDataReader reader = null;
cmd.CommandTimeout = CommandTimeout;
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName));
cmd.Parameters.Add(CreateInputParam("@Email", SqlDbType.NVarChar, email));
SqlParameter p = new SqlParameter("@ReturnValue", SqlDbType.Int);
p.Direction = ParameterDirection.ReturnValue;
cmd.Parameters.Add(p);
try {
reader = cmd.ExecuteReader(CommandBehavior.SequentialAccess);
if (reader.Read())
{
username = GetNullableString( reader, 0 );
if ( RequiresUniqueEmail && reader.Read() )
{
throw new ProviderException(SR.GetString(SR.Membership_more_than_one_user_with_email));
}
}
}
finally
{
if (reader != null)
reader.Close();
}
return username;
}
finally
{
if( holder != null )
{
holder.Close();
holder = null;
}
}
} catch {
throw;
}
}
//
//
//
public override bool DeleteUser(string username, bool deleteAllRelatedData)
{
SecUtility.CheckParameter( ref username, true, true, true, 256, "username" );
try {
SqlConnectionHolder holder = null;
try {
holder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true);
CheckSchemaVersion( holder.Connection );
SqlCommand cmd = new SqlCommand("aspnet_Users_DeleteUser", holder.Connection);
cmd.CommandTimeout = CommandTimeout;
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName));
cmd.Parameters.Add(CreateInputParam("@UserName", SqlDbType.NVarChar, username));
if( deleteAllRelatedData )
{
cmd.Parameters.Add(CreateInputParam("@TablesToDeleteFrom", SqlDbType.Int, 0xF));
}
else
{
cmd.Parameters.Add(CreateInputParam("@TablesToDeleteFrom", SqlDbType.Int, 1));
}
SqlParameter p = new SqlParameter("@NumTablesDeletedFrom", SqlDbType.Int);
p.Direction = ParameterDirection.Output;
cmd.Parameters.Add(p);
cmd.ExecuteNonQuery();
int status = ( ( p.Value != null ) ? ( ( int )p.Value ) : -1 );
return ( status > 0 );
}
finally
{
if( holder != null )
{
holder.Close();
holder = null;
}
}
} catch {
throw;
}
}
//
//
//
public override MembershipUserCollection GetAllUsers(int pageIndex, int pageSize, out int totalRecords)
{
if ( pageIndex < 0 )
throw new ArgumentException(SR.GetString(SR.PageIndex_bad), "pageIndex");
if ( pageSize < 1 )
throw new ArgumentException(SR.GetString(SR.PageSize_bad), "pageSize");
long upperBound = (long)pageIndex * pageSize + pageSize - 1;
if ( upperBound > Int32.MaxValue )
throw new ArgumentException(SR.GetString(SR.PageIndex_PageSize_bad), "pageIndex and pageSize");
MembershipUserCollection users = new MembershipUserCollection();
totalRecords = 0;
try {
SqlConnectionHolder holder = null;
try {
holder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true);
CheckSchemaVersion( holder.Connection );
SqlCommand cmd = new SqlCommand("aspnet_Membership_GetAllUsers", holder.Connection);
SqlDataReader reader = null;
SqlParameter p = new SqlParameter("@ReturnValue", SqlDbType.Int);
cmd.CommandTimeout = CommandTimeout;
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName));
cmd.Parameters.Add(CreateInputParam("@PageIndex", SqlDbType.Int, pageIndex));
cmd.Parameters.Add(CreateInputParam("@PageSize", SqlDbType.Int, pageSize));
p.Direction = ParameterDirection.ReturnValue;
cmd.Parameters.Add(p);
try {
reader = cmd.ExecuteReader(CommandBehavior.SequentialAccess);
while (reader.Read()) {
string username, email, passwordQuestion, comment;
bool isApproved;
DateTime dtCreate, dtLastLogin, dtLastActivity, dtLastPassChange;
Guid userId;
bool isLockedOut;
DateTime dtLastLockoutDate;
username = GetNullableString( reader, 0 );
email = GetNullableString(reader, 1);
passwordQuestion = GetNullableString( reader, 2 );
comment = GetNullableString(reader, 3);
isApproved = reader.GetBoolean(4);
dtCreate = reader.GetDateTime(5).ToLocalTime();
dtLastLogin = reader.GetDateTime(6).ToLocalTime();
dtLastActivity = reader.GetDateTime(7).ToLocalTime();
dtLastPassChange = reader.GetDateTime(8).ToLocalTime();
userId = reader.GetGuid( 9 );
isLockedOut = reader.GetBoolean( 10 );
dtLastLockoutDate = reader.GetDateTime(11).ToLocalTime();
users.Add( new MembershipUser( this.Name,
username,
userId,
email,
passwordQuestion,
comment,
isApproved,
isLockedOut,
dtCreate,
dtLastLogin,
dtLastActivity,
dtLastPassChange,
dtLastLockoutDate ) );
}
}
finally
{
if (reader != null)
reader.Close();
if (p.Value != null && p.Value is int)
totalRecords = (int)p.Value;
}
}
finally
{
if( holder != null )
{
holder.Close();
holder = null;
}
}
} catch {
throw;
}
return users;
}
/
/
/
public override int GetNumberOfUsersOnline()
{
try {
SqlConnectionHolder holder = null;
try {
holder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true);
CheckSchemaVersion( holder.Connection );
SqlCommand cmd = new SqlCommand("aspnet_Membership_GetNumberOfUsersOnline", holder.Connection);
SqlParameter p = new SqlParameter("@ReturnValue", SqlDbType.Int);
cmd.CommandTimeout = CommandTimeout;
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName));
cmd.Parameters.Add(CreateInputParam("@MinutesSinceLastInActive", SqlDbType.Int, Membership.UserIsOnlineTimeWindow));
cmd.Parameters.Add(CreateInputParam("@CurrentTimeUtc", SqlDbType.DateTime, DateTime.UtcNow));
p.Direction = ParameterDirection.ReturnValue;
cmd.Parameters.Add(p);
cmd.ExecuteNonQuery();
int num = ((p.Value!=null) ? ((int) p.Value) : -1);
return num;
}
finally
{
if( holder != null )
{
holder.Close();
holder = null;
}
}
} catch {
throw;
}
}
/
/
/
public override MembershipUserCollection FindUsersByName(string usernameToMatch, int pageIndex, int pageSize, out int totalRecords)
{
SecUtility.CheckParameter(ref usernameToMatch, true, true, false, 256, "usernameToMatch");
if ( pageIndex < 0 )
throw new ArgumentException(SR.GetString(SR.PageIndex_bad), "pageIndex");
if ( pageSize < 1 )
throw new ArgumentException(SR.GetString(SR.PageSize_bad), "pageSize");
long upperBound = (long)pageIndex * pageSize + pageSize - 1;
if ( upperBound > Int32.MaxValue )
throw new ArgumentException(SR.GetString(SR.PageIndex_PageSize_bad), "pageIndex and pageSize");
try
{
SqlConnectionHolder holder = null;
totalRecords = 0;
SqlParameter p = new SqlParameter("@ReturnValue", SqlDbType.Int);
p.Direction = ParameterDirection.ReturnValue;
try {
holder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true);
CheckSchemaVersion( holder.Connection );
SqlCommand cmd = new SqlCommand("aspnet_Membership_FindUsersByName", holder.Connection);
MembershipUserCollection users = new MembershipUserCollection();
SqlDataReader reader = null;
cmd.CommandTimeout = CommandTimeout;
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName));
cmd.Parameters.Add(CreateInputParam("@UserNameToMatch", SqlDbType.NVarChar, usernameToMatch));
cmd.Parameters.Add(CreateInputParam("@PageIndex", SqlDbType.Int, pageIndex));
cmd.Parameters.Add(CreateInputParam("@PageSize", SqlDbType.Int, pageSize));
cmd.Parameters.Add(p);
try
{
reader = cmd.ExecuteReader(CommandBehavior.SequentialAccess);
while (reader.Read())
{
string username, email, passwordQuestion, comment;
bool isApproved;
DateTime dtCreate, dtLastLogin, dtLastActivity, dtLastPassChange;
Guid userId;
bool isLockedOut;
DateTime dtLastLockoutDate;
username = GetNullableString( reader, 0 );
email = GetNullableString(reader, 1);
passwordQuestion = GetNullableString( reader, 2 );
comment = GetNullableString(reader, 3);
isApproved = reader.GetBoolean(4);
dtCreate = reader.GetDateTime(5).ToLocalTime();
dtLastLogin = reader.GetDateTime(6).ToLocalTime();
dtLastActivity = reader.GetDateTime(7).ToLocalTime();
dtLastPassChange = reader.GetDateTime(8).ToLocalTime();
userId = reader.GetGuid( 9 );
isLockedOut = reader.GetBoolean( 10 );
dtLastLockoutDate = reader.GetDateTime(11).ToLocalTime();
users.Add( new MembershipUser( this.Name,
username,
userId,
email,
passwordQuestion,
comment,
isApproved,
isLockedOut,
dtCreate,
dtLastLogin,
dtLastActivity,
dtLastPassChange,
dtLastLockoutDate ) );
}
return users;
}
finally
{
if (reader != null)
reader.Close();
if (p.Value != null && p.Value is int)
totalRecords = (int) p.Value;
}
}
finally
{
if( holder != null )
{
holder.Close();
holder = null;
}
}
} catch {
throw;
}
}
/
/
/
public override MembershipUserCollection FindUsersByEmail(string emailToMatch, int pageIndex, int pageSize, out int totalRecords)
{
SecUtility.CheckParameter(ref emailToMatch, false, false, false, 256, "emailToMatch");
if ( pageIndex < 0 )
throw new ArgumentException(SR.GetString(SR.PageIndex_bad), "pageIndex");
if ( pageSize < 1 )
throw new ArgumentException(SR.GetString(SR.PageSize_bad), "pageSize");
long upperBound = (long)pageIndex * pageSize + pageSize - 1;
if ( upperBound > Int32.MaxValue )
throw new ArgumentException(SR.GetString(SR.PageIndex_PageSize_bad), "pageIndex and pageSize");
try {
SqlConnectionHolder holder = null;
totalRecords = 0;
SqlParameter p = new SqlParameter("@ReturnValue", SqlDbType.Int);
p.Direction = ParameterDirection.ReturnValue;
try {
holder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true);
CheckSchemaVersion( holder.Connection );
SqlCommand cmd = new SqlCommand("aspnet_Membership_FindUsersByEmail", holder.Connection);
MembershipUserCollection users = new MembershipUserCollection();
SqlDataReader reader = null;
cmd.CommandTimeout = CommandTimeout;
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add(CreateInputParam("@ApplicationName", SqlDbType.NVarChar, ApplicationName));
cmd.Parameters.Add(CreateInputParam("@EmailToMatch", SqlDbType.NVarChar, emailToMatch));
cmd.Parameters.Add(CreateInputParam("@PageIndex", SqlDbType.Int, pageIndex));
cmd.Parameters.Add(CreateInputParam("@PageSize", SqlDbType.Int, pageSize));
cmd.Parameters.Add(p);
try {
reader = cmd.ExecuteReader(CommandBehavior.SequentialAccess);
while (reader.Read()) {
string username, email, passwordQuestion, comment;
bool isApproved;
DateTime dtCreate, dtLastLogin, dtLastActivity, dtLastPassChange;
Guid userId;
bool isLockedOut;
DateTime dtLastLockoutDate;
username = GetNullableString( reader, 0 );
email = GetNullableString(reader, 1);
passwordQuestion = GetNullableString( reader, 2 );
comment = GetNullableString(reader, 3);
isApproved = reader.GetBoolean(4);
dtCreate = reader.GetDateTime(5).ToLocalTime();
dtLastLogin = reader.GetDateTime(6).ToLocalTime();
dtLastActivity = reader.GetDateTime(7).ToLocalTime();
dtLastPassChange = reader.GetDateTime(8).ToLocalTime();
userId = reader.GetGuid( 9 );
isLockedOut = reader.GetBoolean( 10 );
dtLastLockoutDate = reader.GetDateTime(11).ToLocalTime();
users.Add( new MembershipUser( this.Name,
username,
userId,
email,
passwordQuestion,
comment,
isApproved,
isLockedOut,
dtCreate,
dtLastLogin,
dtLastActivity,
dtLastPassChange,
dtLastLockoutDate ) );
}
return users;
}
finally
{
if (reader != null)
reader.Close();
if (p.Value != null && p.Value is int)
totalRecords = (int)p.Value;
}
}
finally
{
if( holder != null )
{
holder.Close();
holder = null;
}
}
} catch {
throw;
}
}
/
/
private bool CheckPassword( string username, string password, bool updateLastLoginActivityDate, bool failIfNotApproved)
{
string salt;
int passwordFormat;
return CheckPassword(username, password, updateLastLoginActivityDate, failIfNotApproved, out salt, out passwordFormat);
}
private bool CheckPassword( string username, string password, bool updateLastLoginActivityDate, bool failIfNotApproved, out string salt, out int passwordFormat)
{
SqlConnectionHolder holder = null;
string passwdFromDB;
int status;
int failedPasswordAttemptCount;
int failedPasswordAnswerAttemptCount;
bool isPasswordCorrect;
bool isApproved;
DateTime lastLoginDate, lastActivityDate;
GetPasswordWithFormat(username, updateLastLoginActivityDate, out status, out passwdFromDB, out passwordFormat, out salt, out failedPasswordAttemptCount,
out failedPasswordAnswerAttemptCount, out isApproved, out lastLoginDate, out lastActivityDate);
if (status != 0)
return false;
if (!isApproved && failIfNotApproved)
return false;
string encodedPasswd = EncodePassword( password, passwordFormat, salt );
isPasswordCorrect = passwdFromDB.Equals( encodedPasswd );
if( isPasswordCorrect && failedPasswordAttemptCount == 0 && failedPasswordAnswerAttemptCount == 0 )
return true;
try
{
try
{
holder = SqlConnectionHelper.GetConnection(_sqlConnectionString, true);
CheckSchemaVersion( holder.Connection );
SqlCommand cmd = new SqlCommand( "aspnet_Membership_UpdateUserInfo", holder.Connection );
DateTime dtNow = DateTime.UtcNow;
cmd.CommandTimeout = CommandTimeout;
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add( CreateInputParam( "@ApplicationName", SqlDbType.NVarChar, ApplicationName ) );
cmd.Parameters.Add( CreateInputParam( "@UserName", SqlDbType.NVarChar, username ) );
cmd.Parameters.Add( CreateInputParam( "@IsPasswordCorrect", SqlDbType.Bit, isPasswordCorrect ) );
cmd.Parameters.Add( CreateInputParam( "@UpdateLastLoginActivityDate", SqlDbType.Bit, updateLastLoginActivityDate ) );
cmd.Parameters.Add( CreateInputParam( "@MaxInvalidPasswordAttempts", SqlDbType.Int, MaxInvalidPasswordAttempts ) );
cmd.Parameters.Add( CreateInputParam( "@PasswordAttemptWindow", SqlDbType.Int, PasswordAttemptWindow ) );
cmd.Parameters.Add( CreateInputParam( "@CurrentTimeUtc", SqlDbType.DateTime, dtNow));
cmd.Parameters.Add( CreateInputParam( "@LastLoginDate", SqlDbType.DateTime, isPasswordCorrect ? dtNow : lastLoginDate));
cmd.Parameters.Add( CreateInputParam( "@LastActivityDate", SqlDbType.DateTime, isPasswordCorrect ? dtNow : lastActivityDate));
SqlParameter p = new SqlParameter("@ReturnValue", SqlDbType.Int);
p.Direction = ParameterDirection.ReturnValue;
cmd.Parameters.Add(p);
cmd.ExecuteNonQuery();
status = ( ( p.Value != null ) ? ( ( int )p.Value ) : -1 );
}
finally
{
if( holder != null )
{
holder.Close();
holder = null;
}
}
}
catch
{
throw;
}
return isPasswordCorrect;
}
/
/
private void GetPasswordWithFormat( string username,
bool updateLastLoginActivityDate,
out int status,
out string password,
out int passwordFormat,
out string passwordSalt,
out int failedPasswordAttemptCount,
out int failedPasswordAnswerAttemptCount,
out bool isApproved,
out DateTime lastLoginDate,
out DateTime lastActivityDate)
{
try {
SqlConnectionHolder holder = null;
SqlDataReader reader = null;
SqlParameter p = null;
try {
holder = SqlConnectionHelper.GetConnection( _sqlConnectionString, true );
CheckSchemaVersion( holder.Connection );
SqlCommand cmd = new SqlCommand( "aspnet_Membership_GetPasswordWithFormat", holder.Connection );
cmd.CommandTimeout = CommandTimeout;
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add(CreateInputParam( "@ApplicationName", SqlDbType.NVarChar, ApplicationName ) );
cmd.Parameters.Add(CreateInputParam( "@UserName", SqlDbType.NVarChar, username ) );
cmd.Parameters.Add(CreateInputParam("@UpdateLastLoginActivityDate", SqlDbType.Bit, updateLastLoginActivityDate));
cmd.Parameters.Add(CreateInputParam("@CurrentTimeUtc", SqlDbType.DateTime, DateTime.UtcNow));
p = new SqlParameter( "@ReturnValue", SqlDbType.Int );
p.Direction = ParameterDirection.ReturnValue;
cmd.Parameters.Add(p);
reader = cmd.ExecuteReader( CommandBehavior.SingleRow );
status = -1;
if (reader.Read())
{
password = reader.GetString( 0 );
passwordFormat = reader.GetInt32( 1 );
passwordSalt = reader.GetString( 2 );
failedPasswordAttemptCount = reader.GetInt32( 3 );
failedPasswordAnswerAttemptCount = reader.GetInt32( 4 );
isApproved = reader.GetBoolean(5);
lastLoginDate = reader.GetDateTime(6);
lastActivityDate = reader.GetDateTime(7);
}
else
{
password = null;
passwordFormat = 0;
passwordSalt = null;
failedPasswordAttemptCount = 0;
failedPasswordAnswerAttemptCount = 0;
isApproved = false;
lastLoginDate = DateTime.UtcNow;
lastActivityDate = DateTime.UtcNow;
}
}
finally
{
if( reader != null )
{
reader.Close();
reader = null;
status = ( ( p.Value != null ) ? ( ( int )p.Value ) : -1 );
}
if( holder != null )
{
holder.Close();
holder = null;
}
}
} catch
{
throw;
}
}
/
/
private string GetPasswordFromDB( string username,
string passwordAnswer,
bool requiresQuestionAndAnswer,
out int passwordFormat,
out int status )
{
try {
SqlConnectionHolder holder = null;
SqlDataReader reader = null;
SqlParameter p = null;
try {
holder = SqlConnectionHelper.GetConnection( _sqlConnectionString, true );
CheckSchemaVersion( holder.Connection );
SqlCommand cmd = new SqlCommand( "aspnet_Membership_GetPassword", holder.Connection );
cmd.CommandTimeout = CommandTimeout;
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add( CreateInputParam( "@ApplicationName", SqlDbType.NVarChar, ApplicationName ) );
cmd.Parameters.Add( CreateInputParam( "@UserName", SqlDbType.NVarChar, username ) );
cmd.Parameters.Add( CreateInputParam( "@MaxInvalidPasswordAttempts", SqlDbType.Int, MaxInvalidPasswordAttempts ) );
cmd.Parameters.Add( CreateInputParam( "@PasswordAttemptWindow", SqlDbType.Int, PasswordAttemptWindow ) );
cmd.Parameters.Add(CreateInputParam("@CurrentTimeUtc", SqlDbType.DateTime, DateTime.UtcNow));
if ( requiresQuestionAndAnswer )
{
cmd.Parameters.Add( CreateInputParam( "@PasswordAnswer", SqlDbType.NVarChar, passwordAnswer ) );
}
p = new SqlParameter( "@ReturnValue", SqlDbType.Int );
p.Direction = ParameterDirection.ReturnValue;
cmd.Parameters.Add(p);
reader = cmd.ExecuteReader( CommandBehavior.SingleRow );
string password = null;
status = -1;
if ( reader.Read() )
{
password = reader.GetString( 0 );
passwordFormat = reader.GetInt32( 1 );
}
else
{
password = null;
passwordFormat = 0;
}
return password;
}
finally
{
if( reader != null )
{
reader.Close();
reader = null;
status = ( ( p.Value != null ) ? ( ( int )p.Value ) : -1 );
}
if( holder != null )
{
holder.Close();
holder = null;
}
}
}
catch
{
throw;
}
}
/
/
private string GetEncodedPasswordAnswer(string username, string passwordAnswer)
{
if( passwordAnswer != null )
{
passwordAnswer = passwordAnswer.Trim();
}
if (string.IsNullOrEmpty(passwordAnswer))
return passwordAnswer;
int status, passwordFormat, failedPasswordAttemptCount, failedPasswordAnswerAttemptCount;
string password, passwordSalt;
bool isApproved;
DateTime lastLoginDate, lastActivityDate;
GetPasswordWithFormat(username, false, out status, out password, out passwordFormat, out passwordSalt,
out failedPasswordAttemptCount, out failedPasswordAnswerAttemptCount, out isApproved, out lastLoginDate, out lastActivityDate);
if (status == 0)
return EncodePassword(passwordAnswer.ToLower(CultureInfo.InvariantCulture), passwordFormat, passwordSalt);
else
throw new ProviderException(GetExceptionText(status));
}
/
/
public virtual string GeneratePassword()
{
return Membership.GeneratePassword(
MinRequiredPasswordLength < PASSWORD_SIZE ? PASSWORD_SIZE : MinRequiredPasswordLength,
MinRequiredNonAlphanumericCharacters );
}
/
/
private SqlParameter CreateInputParam( string paramName,
SqlDbType dbType,
object objValue )
{
SqlParameter param = new SqlParameter( paramName, dbType );
if( objValue == null )
{
param.IsNullable = true;
param.Value = DBNull.Value;
}
else
{
param.Value = objValue;
}
return param;
}
/
/
private string GetNullableString(SqlDataReader reader, int col)
{
if( reader.IsDBNull( col ) == false )
{
return reader.GetString( col );
}
return null;
}
/
/
private string GetExceptionText(int status) {
string key;
switch (status)
{
case 0:
return String.Empty;
case 1:
key = SR.Membership_UserNotFound;
break;
case 2:
key = SR.Membership_WrongPassword;
break;
case 3:
key = SR.Membership_WrongAnswer;
break;
case 4:
key = SR.Membership_InvalidPassword;
break;
case 5:
key = SR.Membership_InvalidQuestion;
break;
case 6:
key = SR.Membership_InvalidAnswer;
break;
case 7:
key = SR.Membership_InvalidEmail;
break;
case 99:
key = SR.Membership_AccountLockOut;
break;
default:
key = SR.Provider_Error;
break;
}
return SR.GetString(key);
}
private bool IsStatusDueToBadPassword( int status )
{
return ( status >= 2 && status <= 6 || status == 99 );
}
private DateTime RoundToSeconds(DateTime dt)
{
return new DateTime(dt.Year, dt.Month, dt.Day, dt.Hour, dt.Minute, dt.Second);
}
internal string GenerateSalt()
{
byte[] buf = new byte[16];
(new RNGCryptoServiceProvider()).GetBytes(buf);
return Convert.ToBase64String(buf);
}
internal string EncodePassword(string pass, int passwordFormat, string salt)
{
if (passwordFormat == 0) // MembershipPasswordFormat.Clear
return pass;
byte[] bIn = Encoding.Unicode.GetBytes(pass);
byte[] bSalt = Convert.FromBase64String(salt);
byte[] bAll = new byte[bSalt.Length + bIn.Length];
byte[] bRet = null;
Buffer.BlockCopy(bSalt, 0, bAll, 0, bSalt.Length);
Buffer.BlockCopy(bIn, 0, bAll, bSalt.Length, bIn.Length);
if (passwordFormat == 1)
{ // MembershipPasswordFormat.Hashed
HashAlgorithm s = HashAlgorithm.Create( Membership.HashAlgorithmType );
bRet = s.ComputeHash(bAll);
} else
{
bRet = EncryptPassword( bAll );
}
return Convert.ToBase64String(bRet);
}
internal string UnEncodePassword(string pass, int passwordFormat)
{
switch (passwordFormat)
{
case 0: // MembershipPasswordFormat.Clear:
return pass;
case 1: // MembershipPasswordFormat.Hashed:
throw new ProviderException(SR.GetString(SR.Provider_can_not_decode_hashed_password));
default:
byte[] bIn = Convert.FromBase64String(pass);
byte[] bRet = DecryptPassword( bIn );
if (bRet == null)
return null;
return Encoding.Unicode.GetString(bRet, 16, bRet.Length - 16);
}
}
}
/
/
/
/
97
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
